Page 1 of 1

PHP Security and/or Lack Thereof

Posted: Wed Nov 19, 2003 9:23 am
by Saethyr
Yesterday I found a neat little site called http://www.hackthissite.org on this site are many "missions. In these missions you learn to exploit several vulnerabilities in MySQL, PHP, SSI, and Javascript that will allow a hack to infliltrate your website. I think it might be worthwhile for newbies and veterans alike to check this site out, I found many things that I would have overlooked before completing all the basic hacking and 4 of the realistic missions. Opened my eyes and I thought I would share it with those who had never seen it. I am now considering writing a security tutorial for newbies who might not think about things like SQL injection, SSI directives, address bar javascript and referrer spoofing.


Saethyr
Eternal Newbie 8O

Posted: Wed Nov 19, 2003 12:32 pm
by JPlush76
that is definatley an interesting site...
here's a nice article about how to get the real IP address through proxy servers
http://www.hackthissite.org/readarticle.php?id=44

Code: Select all

<?php
<?
if (isset ($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$UserIP = $_SERVER["HTTP_X_FORWARDED_FOR"];
}else {
$UserIP = $_SERVER["REMOTE_ADDR"];
}
print $UserIP;
?>
?>

Posted: Wed Nov 19, 2003 12:58 pm
by JPlush76
here is an article that explains how to crack MD5

http://www.hackthissite.org/readarticle.php?id=353